Reply
Member
Posts: 3
Registered: ‎04-25-2018
Accepted Solution

Wehbook post request header hash not always matching

Upon receiving the webhook post request we hash the request body using HMAC-SHA12 and our signature key (to binary) and then compare the result with the X-ANET header hash sent.

 

Sometimes it matches, sometimes it does not. This only happens with production credentials, not sandbox.  

 

What could be causing this?

 

Thanks


Accepted Solutions
Solution
Accepted by topic author naivysr_2018Dev
‎04-30-2018 10:52 AM
Authorize.Net Developer
Posts: 5
Registered: ‎02-16-2018

Re: Wehbook post request header hash not always matching

Hi. I cannot explain the behavior you are seeing, but am on the Authorize.net Webhooks development team, and will talk to my colleagues about this.

 

A couple of questions to get context on your situation:

 

Are you able to say how often the hash matches, and how often it does not? (rough percentages)

Are you now just starting to use webhooks in production (and observing the hash match failure) or have you previously been using webhooks without observing this problem?

 

Thanks, I will update you as soon as I can.

 

BobQ

View solution in original post

Solution
Accepted by topic author naivysr_2018Dev
‎04-30-2018 10:52 AM
Member
Posts: 3
Registered: ‎04-25-2018

Re: Wehbook post request header hash not always matching

Hi! thanks for taking the time to answer.

 

We found the issue and it's silly simple.

 

Auth.net hashes the payload amounts with decimal zeroes, e.x: 0.30.

 

Our api is written in NodeJS and the default body parser we had in place was parsing the request body to a JSON and removing decimal zeroes, which don't not exist in js, and that was what we were hashing which was causing the mismatch. So payloads with amounts like 1.00, 1.10 were not being hashed correctly on our end.

 

So, the fix for this was setting the body parser to take the body as a string which preserves the amount as we need it.

 

Thanks BobQ, hope this helps other developers facing the same problem.

View solution in original post


All Replies
Solution
Accepted by topic author naivysr_2018Dev
‎04-30-2018 10:52 AM
Authorize.Net Developer
Posts: 5
Registered: ‎02-16-2018

Re: Wehbook post request header hash not always matching

Hi. I cannot explain the behavior you are seeing, but am on the Authorize.net Webhooks development team, and will talk to my colleagues about this.

 

A couple of questions to get context on your situation:

 

Are you able to say how often the hash matches, and how often it does not? (rough percentages)

Are you now just starting to use webhooks in production (and observing the hash match failure) or have you previously been using webhooks without observing this problem?

 

Thanks, I will update you as soon as I can.

 

BobQ

Solution
Accepted by topic author naivysr_2018Dev
‎04-30-2018 10:52 AM
Member
Posts: 3
Registered: ‎04-25-2018

Re: Wehbook post request header hash not always matching

Hi! thanks for taking the time to answer.

 

We found the issue and it's silly simple.

 

Auth.net hashes the payload amounts with decimal zeroes, e.x: 0.30.

 

Our api is written in NodeJS and the default body parser we had in place was parsing the request body to a JSON and removing decimal zeroes, which don't not exist in js, and that was what we were hashing which was causing the mismatch. So payloads with amounts like 1.00, 1.10 were not being hashed correctly on our end.

 

So, the fix for this was setting the body parser to take the body as a string which preserves the amount as we need it.

 

Thanks BobQ, hope this helps other developers facing the same problem.